What is it? @.@

Here is the place where I record some tactics about wargame, systems, and other security issues.


Hack This Site! - Extbasic 6


Sucky Sysadmin

Level 6

This site in run by a new sysadmin who does not know much about web configuration
The script is located at http://moo.com/moo.php
Attempt to make the script think you are authed by entering the correct URI.

Here is the script (me.php):

        $user = $_GET['user'];
        $pass = $_GET['pass'];
        if (isAuthed($user,$pass))
        if ($passed==TRUE)
                echo 'you win';
        <form action="me.php" method="get">
        <input type="text" name="user" />
        <input type="password" name="pass" />
        function isAuthed($a,$b)
                return FALSE;

  1. Check the script above, since the function isAuthed always return FALSE, if you input any values of user and pass, you will never get passed.
  2. So, you need to neglect the authentication function and get through the program directly.
  3. Input ' http://moo.com/me.php?passed=1 ' and check.
  4. It's done.